The proposed Decision is clearly of sufficient importance
to merit scrutiny by the House of Lords European Committee. In
particular, such scrutiny is necessary because many key provisions
of the proposal are unclear and ambiguous, and the Decision takes
no or limited account of human rights and data protection concerns.

We have the following specific observations:

1) Human Rights

The proposed Decision makes no reference to human rights at
any point. There needs to be an overarching reference to the
requirement to comply with applicable human rights standards
imposed by the European Convention on Human Rights and any higher
standards set by Member States. For instance, see the new Article
1a proposed by the EP's civil liberties committee (report A5-0102/2000,
4 April 2000).

2) Creation of FIUs

It is not clear from the draft Decision whether Member States
have an obligation to create FIUs, or whether the Decision only
applies if Member States have established an FIU. This point
should be clarified.

3) Status of FIUs

As drafted, Article 3 is unclear. Does it require Member States
to change the status of FIUs in national law? The effect of this
Article should be clarified.

4) Data Protection

Article 4 is highly deficient because it does not provide
for the application of data protection standards. Nor does Article
6. Article 5(4) refers to data protection in the requesting state,
but it is also essential to provide for the application of data
protection rules in the requested state. Indeed, Article 5(4)
could be interpreted to mean that only the requesting state's
data protection rules apply, in the absence of an explicit reference
to data protection in Articles 5(5) and 6(2). Therefore the Decision
needs an explicit clause on this point. The amended version of
Article 5(4) proposed by the EP's civil liberties committee (see
report mentioned above) is a good starting point, but this clause
should also refer to compliance with the national law of the
requested and requesting Member States, since the Council of
Europe Convention and the EC directive set only minimum standards.

In addition, Article 5(3) must be amended to clarify that
some or all of the information requested could be refused if
it would violate EC, international or national data protection
law to disclose it. Otherwise the Decision could be interpreted
to mean that requested FIUs could never refuse to disclose
information on data protection grounds, since Article 5(3) only
refers to criminal investigations as a reason for refusing data
and Article 5(4) refers only to protection of information after
a transfer. If the EU is really to take data protection
seriously, the Decision must provide explicitly for refusal of
the transfer of information on data protection grounds.

The Decision should also provide explicitly that national
data protection laws apply to it fully, in particular as regards
complaints and requests for information, the powers of data protection
authorities, and the right to request access to, correction of
and deletion of data. It should also include rules on cross-border
access to data (concerning such issues as mutual recognition
of a decision of one Member State's court to order deletion of
information from files) at least equivalent to the rules in the
Europol or Schengen Convention on this matter.

5) Prosecutions

Article 5(2) should specify that the requested state's prior
approval of the use of information for prosecution must be in
writing, so as to furnish proof that the relevant approval has
been given. The Article must also specify that the use of information
for prosecution shall be subject to both the requested and requesting
state's rules on the rights of the defence, in particular to
the evidence law of both states including both states' rules
on disclosure of evidence to the defence. The prosecuting state
must also inform the defence that the information has been obtained
subject to this Decision and which Member State it was received
from. These protections are essential because the defence should
have an opportunity to challenge the use of the transmitted information
if the provisions of this Decision or either state's relevant
laws have been violated.

It is not clear how Article 5(3) relates to Article 5(2).
Unless every Member State permits FIUs to prosecute individuals,
then at least a prosecuting authority will have to have access
to the relevant information. Article 7 should refer back to Article
5(3), as ensuring such non-transmission should form part of the
protected channels of communication applying to the FIUs.

6) Europol

Article 8 must be clarified. What are the FIU's obligations
to Europol?

7) Drafting

The Decision would be easier to read with headings for each
Article, as found in other recent EU legislation.

There is no need for Article 6(2), since it reproduces Article
5(5), and Article 6(3) already imposes all the rules of Article
5 upon spontaneous exchange of information.

Moreover, there is no need for Article 6(3), since Article
5 appears to apply to the entire Decision already, not just to
Article 4 (see Articles 5(1) and 5(3)). This would be even clearer
if the order of Articles 5 and 6 were reversed.

Statewatch evidence prepared by Steve Peers, Reader in Law,
University of Essex

26 April 2000

&COPY; Statewatch ISSN 1756-851X.Material may
be used providing the source is acknowledged.Statewatch
does not have a corporate view, nor does it seek to create one,
the views expressed are those of the author. Statewatch is not
responsible for the content of external websites and inclusion
of a link does not constitute an endorsement.